restrict access to the admin url by ip in django with nginx and gunicorn

Question

I am trying to restrict access to the admin section of my django app by using simple host-based access control in nginx. Unfortunately nginx does not seem to abide by the configuration request:

this is my setting for this particular section in nginx:

# gunicorn setup
location / {
    proxy_pass http://127.0.0.1:8000;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 }


 location /admin/ { # restrict access to admin section
    allow 192.168.0.1;
    deny all;
 }

This does still block my ip 192.168.0.1. What am I doing wrong? Is there another way to block access to the /admin/ section of a django app?

Answer 1

I found a solution to this problem by replacing the /admin/ location with the following:

location ^~ /admin/ { # restrict access to admin section
    proxy_pass http://127.0.0.1:8000;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    allow 192.168.0.1;
    deny all;
}

I hope this will save someone some long searches on the internet. I would appreciate answers offering a better solution.